DansGuardian Reporting 'Access Denied' settings not working

sgirard

What I did: I upgraded to pfSense 2.1.

My issue: The 'Reporting Level' settings seem to be broken.

Symptoms: All denied accesses return the default DansGuardian block page. Changing the html in the 'Report file' text box have no effect. Changing the 'Reporting Level' has no effect.

How I tried to fix it: I reinstalled the DansGuardian package. I disabled/enabled DansGuardian. I rebooted the firewall.

OS Version: 2.1-RELEASE (amd64) built on Wed Sep 11 18:17:37 EDT 2013 FreeBSD 8.3-RELEASE-p11

Everything else seems to be working as expected. Any thoughts?

sgirard

Solved for now:

It appears the DansGuardian package 2.12.0.3  v.0.1.8 on my system is writing the Report File html to this location:
/usr/local/share/dansguardian/languages/ukenglish/template.html

But on pfSense 2.1, the DansGuardian package is using this location for the Access Denied html:
/usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

Temporary Solution:

I manually modified the template.html in the /usr/pbi/ location using sftp, restarted DansGuardian, and now my block page works correctly (albeit without the use of the web gui).

Here are links I found useful:
https://doc.pfsense.org/index.php/HOWTO:_Access_pfSense_filesystems_remotely_with_scp
https://forum.pfsense.org/index.php/topic,69409.msg379522.html#msg379522

bryan.paradis

The package system has moved to PBI's instead so that packages with different versions of the same libraries don't conflict.  Just create a link to where it is and where it should be if this seems to be the case. Should get a hold of the maintainer. Check here https://forum.pfsense.org/index.php/topic,43786.0.html

ln -s /usr/local/share/dansguardian/languages/ukenglish/template.html /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

bryan.paradis

There are issues in the dansguardian.inc file

#log report
	if ($dansguardian_log['report_file']=="" && file_exists("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){
		$report_file=file_get_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html");
		$report_file=preg_replace('/<.*(html|head)>/','',$report_file);
		$config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file);
		$dansguardian_log['report_file']=base64_encode($report_file);
		$load_samples++;

And

#Create report template
	if (is_dir("/usr/local/share/dansguardian/languages/".$reportlanguage)) 
		file_put_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);

dansguardian_dir needs to be appending to the paths:

Try editing this file and these lines below

Lines 927-928

if (is_dir(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage)) 
		file_put_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);

Lines 694-695

	if ($dansguardian_log['report_file']=="" && file_exists(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){
		$report_file=file_get_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html");

And undo that link you made earlier

sgirard

I tried your suggested edits to dansguardian.inc that I found here:
/usr/local/pkg/dansguardian.inc

However, I used $dansguardian_dir. (shouldn't there be "$")? I also removed the symlink I had created earlier.

I restarted DansGuardian, and loaded a blocked page. I did not get the correct html for the blocked page.

I reverted to the original dansguardian.inc., restarted DansGuardian and now I am getting the correct html even when I make changes using the web gui. So I don't know why it started working correctly.

Somewhere in trying different things, I reinstalled DansGuardian from the Package Manager. Maybe that fixed something.

Bryan, thank you for looking into this. I hope I didn't cause you to lose too much time.

bryan.paradis

@sgirard:

I tried your suggested edits to dansguardian.inc that I found here:
/usr/local/pkg/dansguardian.inc

However, I used $dansguardian_dir. (shouldn't there be "$")?

$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
        define('DANSGUARDIAN_DIR', '/usr/pbi/dansguardian-' . php_uname("m"));
else
  define('DANSGUARDIAN_DIR', '/usr/local');

As you can see it is a define and not a variable. You do not want to use the $ sign in front it should work the way I posted it. This is called a constant and you can find out more about define and constants in php here

Thought I should have capitalized it…...

@sgirard:

I also removed the symlink I had created earlier.

Try this to make sure you actually did get rid of that link:

find / -type l -name \*dansguardian\*

@sgirard:

I restarted DansGuardian, and loaded a blocked page. I did not get the correct html for the blocked page.

Well depending where in the file $dansguardian_dir gets manipulated and is not the same as the constant I am not sure if it would have been in the right state at that part in the file to actually work.

@sgirard:

I reverted to the original dansguardian.inc., restarted DansGuardian and now I am getting the correct html even when I make changes using the web gui. So I don't know why it started working correctly.

Somewhere in trying different things, I reinstalled DansGuardian from the Package Manager. Maybe that fixed something.

Bryan, thank you for looking into this. I hope I didn't cause you to lose too much time.

Oh well. If you can confirm the link does not exist for sure then I can revert my changes tomorrow and try to figure out why it is actually working.

What is the path listed for language files in your dansguardian.conf?

Update:

Looks like they are already symlinked for me on a fresh install.

[2.1-RELEASE][root@pfsense.localdomain]/usr/local/share/dansguardian/languages/ukenglish(15): ls -la
total 3
drwxr-xr-x   2 root  wheel   512 Feb 25 06:45 .
drwxr-xr-x  29 root  wheel  1024 Feb 25 06:45 ..
lrwxr-xr-x   1 root  wheel    87 Feb 25 06:45 fancydmtemplate.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/fancydmtemplate.html
lrwxr-xr-x   1 root  wheel    75 Feb 25 06:45 messages -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/messages
lrwxr-xr-x   1 root  wheel    80 Feb 25 06:45 template.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

sgirard

@bryan.paradis:

Try this to make sure you actually did get rid of that link:

find / -type l -name \*dansguardian\*

It's gone– "find" didn't find anything.

@bryan.paradis:

What is the path listed for language files in your dansguardian.conf?

Update:

Looks like they are already symlinked for me on a fresh install.

[2.1-RELEASE][root@pfsense.localdomain]/usr/local/share/dansguardian/languages/ukenglish(15): ls -la
total 3
drwxr-xr-x   2 root  wheel   512 Feb 25 06:45 .
drwxr-xr-x  29 root  wheel  1024 Feb 25 06:45 ..
lrwxr-xr-x   1 root  wheel    87 Feb 25 06:45 fancydmtemplate.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/fancydmtemplate.html
lrwxr-xr-x   1 root  wheel    75 Feb 25 06:45 messages -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/messages
lrwxr-xr-x   1 root  wheel    80 Feb 25 06:45 template.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

Interesting. I don't have the symlinks:

[2.1-RELEASE][admin@pfsense.localdomain]/usr/local/share/dansguardian/languages/ukenglish(84): ls -alh
total 24
drwxr-xr-x   2 root  wheel   512B Feb 24 21:39 .
drwxr-xr-x  29 root  wheel   1.0k Oct  8 00:51 ..
-r--r--r--   1 root  wheel   6.1k Jan 28  2013 fancydmtemplate.html
-r--r--r--   1 root  wheel   2.6k Jan 28  2013 messages
-r--r--r--   1 root  wheel   2.9k Feb 25 00:40 template.html

I'll try your suggestions again with the dansguardian.inc file tomorrow.

bryan.paradis

That is odd that you don't have links there. Check your conf file to see where it is pointing to language files.

sgirard

I am a little slow, but it looks like I have two separate DansGuardian installs with their own config files. Both copies seem to be sharing (I think?) the dansguardian.inc file found here:

/usr/local/pkg/dansguardian.inc

I have two dansguardian.conf files:

/usr/local/etc/dansguardian/dansguardian.conf
    /usr/pbi/dansguardian-amd64/etc/dansguardian/dansguardian.conf

Each dansguardian.conf file specifies a different language directory:

languagedir = '/usr/local/share/dansguardian/languages'
    languagedir = '/usr/pbi/dansguardian-amd64/share/dansguardian/languages'

The (shared?) dansguardian.inc file has two lines that reference dansguardian.conf: lines 979 and 1118
    Line 979:

include("/usr/local/pkg/dansguardian.conf.template");

Line 1118:

file_put_contents($dansguardian_dir."/dansguardian.conf", $dg, LOCK_EX);

I only have 2 (two) DansGuardian related symlinks in /usr/local/etc/: (I have ignored 15 symlinks not related to DansGuardian).

find /usr/local/etc/ -type l

Returns these:

/usr/local/etc/dansguardian/lists/blacklists/ads/domains
/usr/local/etc/dansguardian/lists/blacklists/ads/urls

Which correspond to these symlinks:

lrwxr-xr-x   1 root    nobody    73B Feb 24 01:32 domains -> /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/ads/domains
lrwxr-xr-x   1 root    nobody    70B Feb 24 01:32 urls -> /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/ads/urls

I don't know why my symlinks don't match your installation.  :-[
But maybe I can fix it? I don't know the best way to proceed.

bryan.paradis

Hmm I will have a look at the symlinks later. Sort of odd. I am not sure what is going on there. There are two packing systems, old and new, non-pbi and pbi. The script code is mostly updated to use one or the other depending on the pfsense version number but it seems like the package still is sort of in between both worlds.

sgirard

Bryan: If you can spare a few minutes, would you mind running a find against your clean install and report back the DansGuardian related symlinks on your system? I am thinking about manually recreating these on my system.

bryan.paradis

@sgirard:

Bryan: If you can spare a few minutes, would you mind running a find against your clean install and report back the DansGuardian related symlinks on your system? I am thinking about manually recreating these on my system.

I think you need to uninstall the dansguardian package and cleanup your pfsense install manually. You must have the old package sitting there from <2.0 and the newer version is going in as the PBI.

1. Uninstall from GUI
2. Find / -name *dansguardian*
3. Delete everything you can find including folders/links
4. Once you have cleaned out all the old crap install it again from the GUI

sgirard

Bryan:

Thank you for your help on this. I finally got around to following your advice to uninstall DansGuardian from the gui, then from a terminal session I deleted all of the dansguardian files from your steps #2-3.

I upgraded pfsense to 2.1.2.

I then reinstalled DansGuardian from the gui, and everything seems to be working correctly. The correct symlinks are there, and I can edit the configurations using the gui. Almost all of my previous settings are still there– I'm glad about that but I am curious where those configuration settings are stored.

** Tip: After reinstalling DansGuardian, I had trouble getting DansGuardian to start until I deleted .dguardianipc and .dgaurdianurlipc in /tmp.
Rebooted and it works again.  (see this message for this tip: https://forum.pfsense.org/index.php?topic=75068.msg409652#msg409652)